Merge 2bfd3073e9 into 079a83c99b

bots.d/bad-uri-words.conf

@@ -0,0 +1,17 @@
+# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD WORDS YOU WANT TO SCAN FOR ###
+
+# THE RULES BELOW ARE ENABLED BY DEFAULT
+# You can disable this default list by switching the values to 0
+
+# Old WordPress vulnerability
+"~*(?:\b)HelloThinkPHP(?:\b)"	1;
+
+# Trigger XDebug in production
+"~*(?:\b)XDEBUG_SESSION_START(?:\b)"	1;
+
+# PHPUnit exploit:
+# 	/vendor/phpunit/phpunit/phpunit.xsd
+# 	/vendor/phpunit/phpunit/build.xml
+# 	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
+"~*(?:\b)vendor/phpunit/phpunit(?:\b)"	1;
+"~*(?:\b)phpunit/src/Util/PHP/eval-stdin\.php(?:\b)"	1;

bots.d/blockbots.conf

@@ -79,6 +79,14 @@ if ($bad_referer) {
   return 444; # << Response Code Issued May Be Modified to Whatever you Choose ie. 404 but 444 wastes less of Nginxs time
 }
 
+# ---------------------------------
+# BLOCK BAD URI WORDS
+# ---------------------------------
+
+if ($bad_uri_words) {
+  return 444;
+}
+
 # -----------------------------
 # BLOCK IP ADDRESSES and RANGES
 # -----------------------------

conf.d/globalblacklist.conf

@@ -19423,6 +19423,22 @@ geo $ratelimited {
 # END SECTION 4 - ACTIVATE BLOCKER FUNCTIONS
 # ==========================================
 
+
+# =============================
+# BEGIN SECTION 5 - REQUEST URI
+# =============================
+
+map $request_uri $bad_uri_words {
+	default 0;
+	# include bots.d/whitelist-domains.conf; # ???
+	include bots.d/bad-uri-words.conf;
+}
+
+
+# ==========================================
+# END SECTION 5 - ACTIVATE BLOCKER FUNCTIONS
+# ==========================================
+
 # =====================
 # END BLOCKER FUNCTIONS
 # =====================